Ever since a leaked classified intelligence document revealed that Russian hackers had tried to access Florida’s elections networks in 2016 by crafting malware-laced emails made to look like they came from a software vendor, reporters all over the country have been searching for electronic correspondence sent three years ago to the state’s 67 elections offices.
But could emails crafted by the elections offices themselves hold the clue to determining which two jurisdictions were in fact hacked?
This week, in response to hacking questions sent to every supervisor of elections in the state by the Tampa Bay Times and Miami Herald, two offices issued the same legalistic non-denial. Almost word-for-word, they gave the same response when asked if their voter registration networks were hacked in 2016, explaining that they could not answer questions because to do so could “directly or indirectly” help determine the answer — which has been deemed classified by the FBI.
It now turns out that at least one of those two offices was, in fact, hacked.
Citing anonymous sources, the Washington Post and Politico reported Thursday that hackers gained access in 2016 to the voter registration database in Washington County, a Panhandle jurisdiction of about 16,000 registered voters. But the identity of the second hacked supervisors’ office remains a mystery, since the FBI won’t say which counties were hacked and Florida’s governor and members of Congress were sworn to secrecy.
MORE ON RUSSIAN HACKING: Ron DeSantis ‘not allowed’ to disclose which two Florida counties were hacked by Russians
Meanwhile, though the FBI has stressed that no data was manipulated by the hackers, there isn’t a single one of Florida’s 67 supervisor of elections that has admitted to being hacked.
But email responses to hacking questions from elections supervisors in Washington and Sumter counties might be clues. Both offices issued jargon-filled non-denials to the Tampa Bay Times and Miami Herald that were nearly identical, save for pronouns and a single sentence. Neither responded to follow-up questions.
Here’s how Washington County Supervisor of Elections Carol Rudd responded early Thursday afternoon to the question of whether her office was hacked:
“As your request relates to potential communications between my office and various federal agencies, including (the U.S. Department of Homeland Security) FBI, and because my answers could either directly or indirectly allow yourself or others, including nation states trying to do harm to our elections process, to ascertain details harmful to national security, I will exercise the protections offered under (the Freedom of Information Act) and (the Cybersecurity Information Security Act) of 2015 in regards to your request,” Rudd wrote.
She continued: “I hope you understand that while I am a public official entrusted with and committed to maintaining and promoting fair, accurate, and transparent elections, I am also entrusted with maintaining the security of elections. I take this trust very seriously.”
Rudd had also issued the same response to a Sun-Sentinel records request for copies of any of the spearphishing emails that were sent by Russian hackers in 2016 and made to appear as if they came from elections vendor VR Systems. The Washington Post reported late Thursday that Rudd declined to address their information that her office had been hacked.
Rudd’s email was also notable for this reason: Out of all 67 counties contacted by the Tamp Bay Times and Miami Herald, one other elections office sent an almost identical email. That email, sent Wednesday from a general office email account from the Sumter County Supervisor of Elections, included much of the same language.
The Miami Herald checked with two other Florida elections offices, which said they had never seen the text in the emails sent by Sumter and Washington’s elections offices. That makes it unlikely that the federal or state governments provided the emails as templates on how to respond to questions from reporters.
Neither Rudd nor Sumter’s elections offices responded to follow-up questions about where they’d received the texts in the emails.
That, of course, doesn’t mean that Sumter County — a largely Republican Central Florida jurisdiction of about 100,000 voters — was, in fact, hacked.
Bill Keene, the current supervisor in Sumter, told the Miami Herald in a brief interview Wednesday that he has no reason to believe that hackers penetrated his county’s voter registration database. Keene, however, qualified that statement by saying he was elected in 2016, and wasn’t the supervisor when hackers were trying to spearphish their way into Florida’s elections networks.
And Keene’s office quickly followed his comments by sending an email with the same non-denial language as Washington County. Asked if they were retracting Keene’s denial, elections administration coordinator Melissa Steele responded, “Yes, that’s the most recent update we have.”
Keene’s predecessor, however, said Saturday that she has no reason to believe that Sumter was hacked, and said the county’s elections network was “heavily guarded.” And the Sun-Sentinel reported this week that Sumter County responded to its records request by denying that it had received any of the spearphishing emails.
“The FBI, they were involved in the whole process. They were watching Florida very closely. I don’t think or believe in my heart that we were hacked at all,” said Karen Krauss, who retired following the 2016 election. “As far as Sumter goes, we were well-protected and well-guarded both by the state Division of Elections and by the FBI.”
But here’s the thing about denials: Rudd, in Washington County, denied that her office was hacked last year in an interview with the Panama City News Herald. “There is nothing we have discovered. We really want to put that to rest, because we’ve worked really hard and have used grant funds in recent weeks to fortify our security systems.”